#18667
89%

Ran 12 Jun 2023 06:13PM UTC

Jobs 1

Files 554

Run time 8s

Badge

Embed ▾

pending completion

Build # #18667

Build Type

push

github-actions

Committed by

ejona86

Commit Message

Upgrade netty-tcnative to 2.0.61.Final

This updates the version of boringssl and removes the dependency on APR.
netty-tcnative 2.0.56.Final uses APR 1.7.0, so is in scope for
CVE-2021-35940, CVE-2022-28331, and CVE-2022-24963. netty-tcnative is
not actually vulnerable. The binary does not include apr_socket_sendv(),
apr_encode_*(), apr_pencode_*(), apr_decode_*(), apr_pdecode_*(). The
binary does include apr_time_exp_*() but it is unused code.
Unfortunately --gc-sections wasn't used during compilation.
apr_time_now() is used, but that just calls gettimeofday() and is not
vulnerable.

There's no panic here, but this updates netty-tcnative just a few weeks
before we would have ordinarily done so. Bumping the version makes life
easier for everyone.

Run Details

30950 of 35071 relevant lines covered (88.25%)

0.88 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	#18667.1	12 Jun 2023 06:13PM UTC	0	88.25

Source Files on build #18667

Detailed source file information is not available for this build.

grpc / grpc-java / #18667
89%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build #18667

grpc / grpc-java / #18667 89%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build #18667

grpc / grpc-java / #18667
89%

README BADGES
x